Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by voila-dashboards

    CVE-2024-30265 (GCVE-0-2024-30265)

    Vulnerability from nvd – Published: 2024-04-03 22:55 – Updated: 2024-08-02 01:32
    VLAI
    Title
    Voilà Local file inclusion
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    voila-dashboards voila Affected: >= 0.0.2, < 0.2.17
    Affected: >= 0.3.0a0, < 0.3.8
    Affected: >= 0.4.0a0, < 0.4.4
    Affected: >= 0.5.0a0, < 0.5.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-04T16:07:37.511255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:39:46.558Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:32:06.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "voila",
              "vendor": "voila-dashboards",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.0.2, \u003c 0.2.17"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.3.0a0, \u003c 0.3.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.4.0a0, \u003c 0.4.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0a0, \u003c 0.5.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voil\u00e0 dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voil\u00e0 dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voil\u00e0 is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T22:55:20.202Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
            }
          ],
          "source": {
            "advisory": "GHSA-2q59-h24c-w6fg",
            "discovery": "UNKNOWN"
          },
          "title": "Voil\u00e0 Local file inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-30265",
        "datePublished": "2024-04-03T22:55:20.202Z",
        "dateReserved": "2024-03-26T12:52:00.935Z",
        "dateUpdated": "2024-08-02T01:32:06.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-30265 (GCVE-0-2024-30265)

    Vulnerability from cvelistv5 – Published: 2024-04-03 22:55 – Updated: 2024-08-02 01:32
    VLAI
    Title
    Voilà Local file inclusion
    Summary
    Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voilà dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    voila-dashboards voila Affected: >= 0.0.2, < 0.2.17
    Affected: >= 0.3.0a0, < 0.3.8
    Affected: >= 0.4.0a0, < 0.4.4
    Affected: >= 0.5.0a0, < 0.5.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-04-04T16:07:37.511255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:39:46.558Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:32:06.621Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
              },
              {
                "name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "voila",
              "vendor": "voila-dashboards",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 0.0.2, \u003c 0.2.17"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.3.0a0, \u003c 0.3.8"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.4.0a0, \u003c 0.4.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 0.5.0a0, \u003c 0.5.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Collabora Online is a collaborative online office suite based on LibreOffice technology. Any deployment of voil\u00e0 dashboard allow local file inclusion. Any file on a filesystem that is readable by the user that runs the voil\u00e0 dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voil\u00e0 is deployed. This issue has been patched in 0.2.17, 0.3.8, 0.4.4 and 0.5.6.\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-04-03T22:55:20.202Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/voila-dashboards/voila/security/advisories/GHSA-2q59-h24c-w6fg"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/00d6362c237b6b4d466873535554d6076ead0c52"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/28faacc9b03b160fd8fa920ad045f4ec0667ab67"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/5542e4ae36bb5d184deaa48f95e76be477756af2"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/98b6a40fec27723572314fdbba99bdc147d904c8"
            },
            {
              "name": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/voila-dashboards/voila/commit/c045be6988539d07cceeb9f82fc660a49485d504"
            }
          ],
          "source": {
            "advisory": "GHSA-2q59-h24c-w6fg",
            "discovery": "UNKNOWN"
          },
          "title": "Voil\u00e0 Local file inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-30265",
        "datePublished": "2024-04-03T22:55:20.202Z",
        "dateReserved": "2024-03-26T12:52:00.935Z",
        "dateUpdated": "2024-08-02T01:32:06.621Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }